bugzilla-daemon at mindrot.org
2004-Mar-03 15:25 UTC
[Bug 806] openssh after 3.6.1p1 can not authenticate via public rsa2 key
http://bugzilla.mindrot.org/show_bug.cgi?id=806
Summary: openssh after 3.6.1p1 can not authenticate via public
rsa2 key
Product: Portable OpenSSH
Version: 3.8p1
Platform: HPPA
OS/Version: HP-UX
Status: NEW
Severity: major
Priority: P2
Component: ssh
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: peter.kielbasiewicz at philips.com
My compilation of openssh 3.7.1p2 and 3.8p1 can not authenticate from HPUX 10.20
via rsa2 or dsa public key.
The sshd daemon side works OK. I can use public key authentication from Linux or
Windows TO HPUX without problems.
I am using rsa2 keys and the keys as well as the access rights of my directory
structure are ok. I can connect to the sshd on HPUX from other platforms with my
key pair using public key authentication without problems.
When I try ssh FROM HPUX to other hosts or even to myself sshd always asks
for a password.
It seems that the ssh client skips the public key authentication step as can be
seen from the debug output below.
The openssh version 3.6.1p1 does not show the described effect, i.e. I can
connect from HP-UX using my rsa2 public key authentication without problems.
As HP-UX does not support PAM I did not use the with-pam flag for compilation.
The compile flags were the same for all revisions and as follows:
CFLAGS="+O3 +ESlit +Optrs_strongly_typed
-I$SRC/tcp_wrappers/$TCP_WRAPver" \
LDFLAGS="-L$SRC/tcp_wrappers/$TCP_WRAPver" \
./configure --prefix=/opt/$VER \
--sysconfdir=/etc/opt/openssh \
--with-default-path="/usr/bin:/usr/sbin:/opt/$VER/bin" \
--with-ssl-dir=$SRC/openssl/$OPENSSLver \
--with-zlib=$SRC/zlib/$ZLIBver \
--with-prngd-socket=/var/run/egd-pool \
--with-tcp-wrappers \
--without-shadow \
--disable-suid-ssh
I compiled against
TCP_WRAPver=tcp_wrappers_7.6-ipv6.3
OPENSSLver=openssl-0.9.7c
ZLIBver=zlib-1.2.1
PRNGDver=prngd-0.9.27
Parts from debug output:
debug1: identity file /home/peterk/.ssh/identity type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/peterk/.ssh/id_rsa type 1
debug1: identity file /home/peterk/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.8p1
...
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Mar-03 15:37 UTC
[Bug 806] openssh after 3.6.1p1 can not authenticate via public rsa2 key
http://bugzilla.mindrot.org/show_bug.cgi?id=806 ------- Additional Comments From peter.kielbasiewicz at philips.com 2004-03-04 02:37 ------- Created an attachment (id=559) --> (http://bugzilla.mindrot.org/attachment.cgi?id=559&action=view) debug output from ssh 3.8p1 connections ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Mar-04 01:38 UTC
[Bug 806] openssh after 3.6.1p1 can not authenticate via public rsa2 key
http://bugzilla.mindrot.org/show_bug.cgi?id=806 ------- Additional Comments From dtucker at zip.com.au 2004-03-04 12:38 ------- I just tried 3.7.1p2 on my 11.00 box and it worked ok: debug1: Offering public key: /home/dtucker/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply [...] Peter, could you please create attachments of config.h after running configure, for both 3.6.1p2 and 3.8p1? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Mar-04 09:32 UTC
[Bug 806] openssh after 3.6.1p1 can not authenticate via public rsa2 key
http://bugzilla.mindrot.org/show_bug.cgi?id=806 ------- Additional Comments From peter.kielbasiewicz at philips.com 2004-03-04 20:32 ------- Created an attachment (id=561) --> (http://bugzilla.mindrot.org/attachment.cgi?id=561&action=view) config.h of openssh3.6.1p1 with buffer.adv patch ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Mar-04 09:33 UTC
[Bug 806] openssh after 3.6.1p1 can not authenticate via public rsa2 key
http://bugzilla.mindrot.org/show_bug.cgi?id=806 ------- Additional Comments From peter.kielbasiewicz at philips.com 2004-03-04 20:33 ------- Created an attachment (id=562) --> (http://bugzilla.mindrot.org/attachment.cgi?id=562&action=view) make log of openssh3.6.1p1 with buffer.adv patch ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Mar-04 09:33 UTC
[Bug 806] openssh after 3.6.1p1 can not authenticate via public rsa2 key
http://bugzilla.mindrot.org/show_bug.cgi?id=806 ------- Additional Comments From peter.kielbasiewicz at philips.com 2004-03-04 20:33 ------- Created an attachment (id=563) --> (http://bugzilla.mindrot.org/attachment.cgi?id=563&action=view) config.h of openssh3.8p1 ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Mar-04 09:36 UTC
[Bug 806] openssh after 3.6.1p1 can not authenticate via public rsa2 key
http://bugzilla.mindrot.org/show_bug.cgi?id=806 ------- Additional Comments From peter.kielbasiewicz at philips.com 2004-03-04 20:36 ------- Created an attachment (id=564) --> (http://bugzilla.mindrot.org/attachment.cgi?id=564&action=view) make log of openssh3.8p1 ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Mar-04 09:41 UTC
[Bug 806] openssh after 3.6.1p1 can not authenticate via public rsa2 key
http://bugzilla.mindrot.org/show_bug.cgi?id=806 ------- Additional Comments From peter.kielbasiewicz at philips.com 2004-03-04 20:41 ------- Created an attachment (id=565) --> (http://bugzilla.mindrot.org/attachment.cgi?id=565&action=view) openssh compile and build options ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Mar-30 03:25 UTC
[Bug 806] openssh after 3.6.1p1 can not authenticate via public rsa2 key
http://bugzilla.mindrot.org/show_bug.cgi?id=806 ------- Additional Comments From dtucker at zip.com.au 2004-03-30 13:25 ------- There have been reports[1][2] of OpenSSL builds not working properly on HP-UX. Does "make tests" in the openssl directory pass all of its tests? It looks like you are using the HP compiler? See if openssl can read the keys itself: openssl rsa -check -noout <$HOME/.ssh/id_rsa openssl rsa -modulus -noout <$HOME/.ssh/id_rsa [1] http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=108012097630716 [2] http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=107969091332191 ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
Reasonably Related Threads
- [Bug 806] openssh after 3.6.1p1 can not authenticate via public rsa2 key
- outlook2007 shows frequent imap disconnect no matter what outlook-idle setting in dovecot.conf
- FW: pam headers not found : openssh3.8p1 install fails
- Prediction error for Ordinary Kriging
- Restrict a client port-forward to 1 port